Hi, Openssh doesn't log failed logins to /var/log/btmp like login does (if btmp exists). This is on RH6.2. Is there a specific reason for not logging to btmp ? I think that logging to btmp would be a 'good thing'(tm). What about other unices ? Do they have /var/log/btmp or something similar (AIX has something like that and I think openssh already logs the failed attempts). AFAIK it wouldn't be too much work to get btmp logging to openssh. Here are some ideas that came to mind: - add a failure call to auth1.c and auth2.c (there's already AIX specific loginfailed). - modify loginrec.c so there's a routine to write an entry to btmp ( propably just modify wtmp_write_entry so it can take a filename parameter and then add write_bad_login-function ) Is somebody interested in this kind of btmp feature ? And any chances of getting this included in the portable version ? -Jarno -- Jarno Huuskonen - System Administrator | Jarno.Huuskonen at uku.fi University of Kuopio - Computer Centre | Work: +358 17 162822 PO BOX 1627, 70211 Kuopio, Finland | Mobile: +358 40 5388169
